Current FIRST Special Interest Groups and Birds of a Feather

Special Interest Groups and Birds of a Feather exist to provide a forum where FIRST Members can discuss topics of common interest to the Incident Response community. A SIG is a group of individuals composed of FIRST Members and invited parties, typically coming together to explore an area of interest or specific technology area, with a goal of collaborating and sharing expertise and experiences to address common challenges.

These are the FIRST SIGs and BoFs currently active:

Common Vulnerabilities Scoring System (CVSS-SIG)

The biggest challenge facing any new standard is the universal adoption of the standard. In order to address the inconsistency of scoring metrics for vulnerabilities, FIRST believes that a global approach towards adoption of the new standard is the best strategy.


This SIG aims to improve CSIRT incident management practices within the FIRST community.

Internet Infrastructure Vendors (Vendor SIG)

The goal of this SIG is to provide forum for Internet Infrastructure vendors. In this context Internet infrastructure is considered to be Operating Systems, computer hardware, networking equipment and critical applications.

Law Enforcement/CSIRT Cooperation (LECC-BoF)

To further co-operation between Incident Response and Law Enforcement, by the development of better understanding of organisational mission and specific requirements and producing practical trust and information-sharing protocols.

Network Monitoring (NM-SIG)

To advocate, develop and promote knowledge and techniques for collection and analysis of network sensor and monitoring data to build the capabilities of CSIRTs to quantify and measure malicious activity on networks to create more secure systems.

Malware Analysis SIG (MA-SIG)

This SIG will advocate and promote the sharing of malware analysis tools and techniques to enable CSIRTs to combat and analyze malicious code.

Botnet Mitigation and Remediation SIG (Botnet SIG)

The mission of this SIG is to bring together FIRST members and non-member subject matter experts to share experiences about botnet mitigation and remediation and to identify different approaches and best practices that can be implemented to address this problem.

Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)

VRDX-SIG is primarily chartered to research and recommend ways to identify and exchange vulnerability information across disparate vulnerability databases.

Vulnerability Coordination SIG

To develop and execute a strategy for improving vulnerability coordination globally.


Academic and NREN (National Research and Education Network)
Contact: Margrete Raaum via